changepassword vs. setpassword in Windows 2000
From: glchen (anonymous_at_discussions.microsoft.com)
Date: 02/04/04
- Next message: Oli Restorick [MVP]: "Re: Blaster patch - Not part of Windows Update ?"
- Previous message: Scott Harding - MS MVP: "Re: 832894 phish fix -- TCP broken"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 4 Feb 2004 13:23:34 -0800
Is there any way to force setpassword API call to be
validated by Windows password policies?
Background:
There are two AD programmatic and GUI interfaces to update
AD password. One is to "change password" and the other is
to "reset password". Change password requires the old
password/newpassword. Reset(set) password does not
require the old password.
AD password policy enforcement seems to only impact on the
change password cases. "Reset password" seems to bypass
the checking of password policy settings
I implemented a self-service password update website which
allows users to reset password if users provide correct
security data (so called attribute-based authentication).
This self-service password uses "set password" API (not
change password) since self-service password website is
mainly used by the users who forgot his password or his
password expired (use attribute-base authentication).
.
- Next message: Oli Restorick [MVP]: "Re: Blaster patch - Not part of Windows Update ?"
- Previous message: Scott Harding - MS MVP: "Re: 832894 phish fix -- TCP broken"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
